Categories
Daily Compliance News

Daily Compliance News: December 14, 2023 – The Serious Misconduct Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day we consider four stories from the business world that touch on compliance, ethics, risk management, leadership, or matters of general interest to the compliance professional.

Stories we are following in today’s edition:

  • Former BP CEO docked $40M for ‘serious misconduct’. (WSJ)
  • Why culture outside the US matters. (FT)
  • Tesla has a 2MM car recall. (BBC)
  • Hackers target outdated servers. (Reuters)
Categories
Innovation in Compliance

Innovation in Compliance – Chris Lehman on Navigating the Wild West: Digital Compliance Strategies

Innovation comes in many areas, and compliance professionals need not only to be ready for it but to embrace it. One of those areas is the compliance of digital communications. My guest in this episode is Chris Lehman, CEO of Safeguard Cyber, who joins me to discuss the challenges and importance of managing risk in digital compliance.

The conversation focuses on the shift in communication channels from email to platforms like Slack and social media, highlighting the human factor as the biggest risk in compliance strategies. Lehman emphasizes the need for companies to prioritize compliance and good corporate governance in these new communication channels. To manage risk, companies should treat digital compliance as a risk management process, gaining visibility into employee communication tools, establishing policies, training employees, and utilizing technology.

We also highlight the tension between compliance teams and line of business teams, emphasizing the need for compliance teams to be enablers and strategic partners. The conversation references recent SEC enforcement actions and the importance of taking action to enforce compliance. Overall, digital compliance and governance are crucial in the modern business landscape, and utilizing technologies like monitoring tools and natural language understanding can help businesses stay secure and compliant in the digital age.

Highlights Include:

·      Safeguard Cyber: Securing Digital Communications

·      Managing Risk in Digital Compliance

·      Managing Risk in Compliance

·      Digital Compliance and Governance

Resources

Chris Lehman on LinkedIn

Safeguard Cyber

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

Compliance into the Weeds: What is Driving Compliance Engagement at the Board?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully and looking for some hard-hitting insights. Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect the Navex 2023 State of Risk and Compliance Report. Tom and Matt delve into Navex’s annual benchmarking report, which surveyed 1,300 compliance professionals. The report revealed that 53% of respondents described their compliance programs as mature. Matt and Tom question whether the board is driving the conversation or if compliance officers request updates due to potential liability. The report’s findings on cybersecurity and privacy concerns, survey results on where compliance should reside in a company, and the importance of having a mature anti-bribery anti-corruption compliance program are all discussed. Tune in to hear more about how compliance officers can address pressing concerns such as cybersecurity breaches and attacks.

Key Highlights:

  • Navex’s benchmark report on compliance programs
  • Board-Compliance Officer Relationship & Cybersecurity in Compliance
  • The necessity of Dedicated Compliance Committees
  • Survey Finds Diverse Views on Compliance Placement in Companies
  • The Importance of Anti-Bribery Compliance for Cybersecurity
  • Compliance Officer Reporting to CISO Dynamics

Resources:

Matt 

LinkedIn

Blog Post in Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

Compliance into the Weeds: COSO Fraud Risk Management Framework

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully and looking for some hard-hitting insights. Look no further than Compliance into the Weeds!

Get ready to dive into the world of fraud risk management and prevention with Compliance into the Weeds, hosted by Tom Fox and Matt Kelly. In this episode, they break down the recently released fraud risk framework from COSO and the Association of Certified Fraud Examiners and why it is needed in an era of cyber-based fraud and cryptocurrency. They stress the importance of data analytics and internal hotlines in preventing fraud, and that all employees need to be trained to detect and prevent the fraud typical of their industry. The hosts also discuss how financial reporting controls may not always detect fraud and why dedicated anti-fraud controls are essential. With the rise of new types of fraud such as ESG fraud and greenwashing, the hosts recommend the fraud risk report to audit and compliance professionals who want to stay informed about the risks swirling around corporations today. Take advantage of this informative and fascinating podcast. Tune in to Compliance into the Weeds now.

Key Highlights:

·      Fraud Risk Management: COSO Report 2nd Edition

·      Effective Fraud Prevention Training for Employees

·      Importance of Anti-Fraud Controls in Fighting Fraud

·      COSO Fraud Risk Guidance and the Fraud Pentagon

Notable Quotes:

“But when you think about it, we have a lot of external factors, such as the rise of cryptocurrency, which is riddled with fraud and corruption risk. New methods of cyber-based fraud, which didn’t exist, say, 2016, the 2010s before that. Rise of ransomware in particular, which wasn’t quite a big thing back then that it is all over the place now.”

“Most frauds, you the risk management function, you might never catch them. By looking for them, you’ll have to depend on somebody else coming to you from the enterprise, say, I think this person over here is doing something sketchy.”

“Fraud is having a moment. And fraud risk is on the forefront of many people’s minds from many different areas.”

“We need to do better at finding ways to assess and understand your fraud risk and then implementing new controls as necessary to push that risk down to acceptable levels.”

Resources

Matt 

LinkedIn

Blog Post in Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Innovation in Compliance

The Role of Backup Systems in Cybersecurity Defense with Curtis Preston

According to Curtis Preston, Chief Technical Evangelist at Druva, cyberattacks are not a matter of “if,” but “when.” In this episode, Tom Fox and Curtis dive into the importance of backup systems and cyber resilience in protecting against ransomware and other types of cyberattacks. Curtis shares his insights on how to limit the blast radius of an attack, why you should assume a breach, and the need to have a playbook and a cyber response team in place. They also discuss the role of state-sponsored attacks in non-kinetic warfare and the need for increased cyber resilience as we approach 2030.

W. Curtis Preston has 30 years of experience in the backup and data protection industry. He started his career in 1993 at MBNA, then the second-largest credit card company, and has specialized in backup ever since. He is currently the Chief Technical Evangelist at Druva, where he talks, writes, and hosts podcasts about data protection systems. Curtis is also known as ‘Mr. Backup’, a moniker he adopted while writing his first book on backups.

You’ll hear Tom and Curtis discuss:

  • SaaS-based data protection systems are becoming increasingly important as more companies rely on SaaS infrastructures like Microsoft 365 and Google Workspace. Companies should not count on these providers to protect their data; they should consider using SaaS-based backup systems instead.
  • Curtis tells Tom, “There should be security interest, as well as technical and storage and network interest. All of those interests should be reflected in the implementation of such an important system as a data protection system.”
  • Ransomware attackers are now targeting backup systems directly, making it crucial for companies to modernize the security infrastructure of their backup systems. They can do this by using SaaS-based systems that come with modern security features such as multi-factor authentication, triggers and alerts, and the concept of least privilege.
  • The inefficiencies and difficulties of a typical on-premises backup infrastructure, such as overbuilding and overengineering, can be solved by using a SaaS-based system where companies only pay for what they are actually using.
  • Fire drills, or ransomware drills, can help companies develop “muscle memory” and test their incident response playbook before an actual attack occurs.
  • Role-based administration is important to limit the blast radius in case an administrator’s account is compromised. Each person involved in the backup process should have specific roles and responsibilities.
  • State-sponsored attacks on American businesses, especially from Russia, are increasing. It’s important to beef up defenses, assume breaches, and have a playbook ready to respond to ransomware attacks.
  • By 2030, attention to cyber resilience and protection will have grown as people become more aware of cyberattacks. Passwords will be a thing of the past, and people will have to live in a world of constant cyberattacks.
  • A robust backup plan in place with sufficient security protocols is essential to recover from a cyberattack. It’s important to have the backup system completely air-gapped from the primary network.
  • Druva is a SaaS provider whose backup system sits behind an authentication and authorization system separate from the customer’s primary environment. Data and metadata are stored separately for security reasons and are continuously monitored.
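The role-based administration, MFA and least-privilege points in the list above, worked through as an added example that is not part of the original page and is not Druva’s or any vendor’s code: a small policy engine for a hypothetical backup service in which each role gets only the actions its job needs, every action requires an MFA-verified session, deleting a backup takes two different administrators, and a retention lock refuses deletion before the retention date regardless of role. The role names, the principals, the service API and the deletion workflow are all assumptions made for illustration.

```python
"""Role-based administration for a backup system (constructed example).

Shows how narrow roles, mandatory MFA, a two-person deletion rule and a
retention lock limit the blast radius of one compromised account.
Hypothetical code; not Druva's or any vendor's API.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Least privilege: each role is granted only the actions its job needs.
# (Role names are assumptions for this example.)
ROLE_PERMISSIONS = {
    "backup_operator":  {"create_backup", "list_backups"},
    "restore_operator": {"list_backups", "restore_backup"},
    "backup_admin":     {"list_backups", "request_delete", "approve_delete"},
    "auditor":          {"list_backups", "read_audit_log"},
}


@dataclass
class Principal:
    name: str
    role: str
    mfa_verified: bool = False  # the current session must have passed MFA


@dataclass
class Backup:
    backup_id: str
    retention_until: datetime  # retention lock: no deletion before this time


@dataclass
class BackupService:
    backups: dict = field(default_factory=dict)
    pending_deletes: dict = field(default_factory=dict)  # backup_id -> requester
    audit_log: list = field(default_factory=list)        # (who, action, outcome)

    def _authorize(self, who: Principal, action: str) -> None:
        """Deny unless the role allows the action AND the session used MFA.
        Every decision, allowed or denied, is written to the audit log so a
        denied attempt from a compromised account is itself an alert trigger."""
        allowed = action in ROLE_PERMISSIONS.get(who.role, set())
        ok = allowed and who.mfa_verified
        self.audit_log.append((who.name, action, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{who.name} ({who.role}) may not {action}")

    def create_backup(self, who: Principal, backup_id: str,
                      retention_days: int, now: datetime) -> None:
        self._authorize(who, "create_backup")
        self.backups[backup_id] = Backup(backup_id, now + timedelta(days=retention_days))

    def request_delete(self, who: Principal, backup_id: str) -> None:
        self._authorize(who, "request_delete")
        if backup_id not in self.backups:
            raise KeyError(backup_id)
        self.pending_deletes[backup_id] = who.name

    def approve_delete(self, who: Principal, backup_id: str, now: datetime) -> None:
        """Two-person rule plus retention lock: a single compromised admin
        cannot destroy a backup, and nobody can before retention expires."""
        self._authorize(who, "approve_delete")
        requester = self.pending_deletes.get(backup_id)
        if requester is None:
            raise ValueError("no pending delete request")
        if requester == who.name:
            raise PermissionError("requester may not approve their own deletion")
        if now < self.backups[backup_id].retention_until:
            raise PermissionError("retention lock still in force")
        del self.backups[backup_id]
        del self.pending_deletes[backup_id]


def demo() -> dict:
    """Run a few attempts through the policy and return each outcome."""
    now = datetime(2023, 1, 1, tzinfo=timezone.utc)
    svc = BackupService()
    op = Principal("alice", "backup_operator", mfa_verified=True)
    admin1 = Principal("bob", "backup_admin", mfa_verified=True)
    admin2 = Principal("carol", "backup_admin", mfa_verified=True)
    no_mfa = Principal("dave", "backup_admin", mfa_verified=False)
    svc.create_backup(op, "b1", retention_days=30, now=now)

    results = {}

    def attempt(label, fn):
        try:
            fn()
            results[label] = "ok"
        except (PermissionError, ValueError) as exc:
            results[label] = type(exc).__name__

    attempt("operator_delete", lambda: svc.request_delete(op, "b1"))
    attempt("admin_no_mfa", lambda: svc.request_delete(no_mfa, "b1"))
    attempt("admin_request", lambda: svc.request_delete(admin1, "b1"))
    attempt("self_approve", lambda: svc.approve_delete(admin1, "b1", now))
    attempt("approve_in_retention", lambda: svc.approve_delete(admin2, "b1", now))
    attempt("approve_after_retention",
            lambda: svc.approve_delete(admin2, "b1", now + timedelta(days=31)))
    results["backup_remains"] = "b1" in svc.backups
    results["denied_events"] = sum(1 for _, _, o in svc.audit_log if o == "deny")
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The design point is that no single identity, however privileged, can both request and approve a deletion, and the retention lock is checked after authorization rather than being a permission an administrator could grant themselves; a real implementation would enforce the lock in the storage layer (object immutability) rather than in application code, and would ship the audit log off-host so the same compromised account cannot erase the evidence.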

KEY QUOTES:

“Today, I think the average user is so used to equipment that just works, they don’t really think as much about backup and recovery, I think, as we did back in the day.” – Curtis Preston

“By the way, I do think by 2030, passwords will be a thing of the past.” – Curtis Preston

“It’s also having a robust backup plan in place with sufficient security protocols and that when you are attacked, not if when you are attacked, they can’t take your star player out, and if it all does go down, you have a way to at least build back.” – Curtis Preston

Resources:

Curtis Preston on LinkedIn | Twitter

Backup Central | Druva

Categories
Compliance Into the Weeds

Cyber Security Failures Alleged in Mudge Whistleblower Complaint

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we mine the whistleblower allegations made against Twitter by Peiter Zatko, AKA “Mudge,” for lessons for the cyber-security professional and the wider compliance discipline. Highlights and questions posed include:

·      The allegations made by Mudge.

·      Why does an organization need a CISO (or CCO or CECO)?

·      How did Twitter get hacked, its employees duped, and its controls bypassed?

·      What is pedestrian yet telling in this saga?

·      Why is data mapping mandatory if not critical?

·      Where were the external auditors?

·      Is there a Caremark claim here?

Resources

Matt in Radical Compliance

Categories
Compliance Into the Weeds

Internal Controls Lessons from Cyber Failures in Wisconsin

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we deep dive into recent failures detected in the state of Wisconsin regarding cyber security risks around election integrity. Highlights include:

  • How the risks were uncovered.
  • What is a material risk?
  • Why multi-factor authentication is an important cyber security control.
  • What are the consequences of a single point of failure?
  • How and when should you redefine a hazard?
  • What does CISA say about MFA?

Resources

Matt in Radical Compliance

Categories
Never the Same

Cyber Security Will Never Be the Same

After the Russian invasion of Ukraine, the business world will never be the same again. Deputy Attorney General Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is, of course, Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate. Over this five-part podcast series, I will consider how business will never again be the same and how a confluence of events has changed business forever. I am joined in this exploration by Brandon Daniels, CEO of Exiger. We explore the irrevocable changes in supply chain, trade and economic sanctions, anti-corruption, cyber-security and ESG. In Part 4, we look at the changes wrought in cyber-security. Highlights include:

·      Russian invasion made the nature of cyber-security risk explicit.

·      Now continuous non-kinetic warfare.

·      Cyber-security is interconnected to commerce.

·      Quadrant analysis for risk assessment.

·      Jurisdiction risk introduces the where equation.

Categories
Compliance Into the Weeds

Impacts on Compliance of Russian Invasion of Ukraine

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into some of the impacts on compliance of the Russian invasion of Ukraine. Highlights include:

·      How will the invasion impact your Supply Chain?

·      What are the attributes of a compliance program that can lead your corporate response?

·      What about cyber?

·      Will all this lead to a more holistic ERM response?

Resources

Matt in Radical Compliance

Categories
Everything Compliance

Episode 95, the Russia Invades Ukraine Edition

Welcome to the only roundtable podcast in compliance. The entire gang was also recently honored by W3 as a top talk show in podcasting. In this episode, the quartet of Jonathan Marks, Karen Woody, Jonathan Armstrong and Matt Kelly joins host Tom Fox. We dedicate the entire episode to compliance issues arising from the Russian invasion of Ukraine. We conclude with our fan favorite Shout Outs and Rants.

  1. Karen Woody considers the impact of corruption in both Russia and Ukraine going forward. Karen shouts out to Ukraine’s U.N. Ambassador Sergiy Kyslytsya for his impassioned plea at the United Nations this week for Russia to stop its invasion of his country.
  2. Matt Kelly looks at the export control issues and the sanctions issued by the US and its allies in this arena. Kelly shouts out Jackson Reffitt, who testified against his father in his father’s Capitol insurrection trial.
  3. Jonathan Marks discusses the sanctions levied by the Biden Administration, how to assess this evolving risk and the role of the Board in managing it. Marks rants about Bob Blaffert (again) and shouts out to Sonny Johnson, an autistic basketballer who made the game-winning shot that helped his team win its final game of the season.
  4. Jonathan Armstrong looks at how the shooting war in Ukraine has spilled over into a cyber war across the globe. Armstrong shouts out to Paddington Bear for giving comfort to refugees across the globe and to the voice of Paddington Bear, Ukrainian President Zelensky.
  5. Tom Fox shouts out to the Texas GOP for stopping AG Ken Paxton from renomination in the party’s primary and for forcing him into a run-off with George P. Bush.

The members of Everything Compliance are:

  • Jay Rosen – Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.